A system protects personally identifiable information (PII) by implementing an unconventional key management scheme. In this scheme, the system uses a set of keys rather than an individual key for encrypting PII. Different portions of the PII are encrypted using different keys from the set of keys. In this manner, even if a malicious user were to access a key, that key would not give the malicious user the ability to decrypt all of the PII. Additionally, the system generates a new set of keys periodically (e.g., once a month). The system also deletes sets of keys that are too old (e.g., six months old). As a result, even if a malicious user were to access a key, the usefulness of that key would be time limited.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
6. The token handler of claim 5, wherein the processor is further configured to communicate the set of public encryption keys to the device.
A system for secure token management in a distributed computing environment addresses the challenge of securely distributing and managing cryptographic keys across multiple devices. The system includes a token handler with a processor that generates and manages a set of public encryption keys for secure communication. The processor is configured to communicate these public encryption keys to a device, enabling the device to encrypt data using the keys. The token handler also includes a memory for storing the public encryption keys and a communication interface for transmitting the keys to the device. The system ensures that only authorized devices receive the necessary cryptographic keys, enhancing security in data transmission. The processor may also validate the device's identity before transmitting the keys, further securing the communication process. This approach prevents unauthorized access to encrypted data and ensures that only trusted devices can participate in secure communications. The system is particularly useful in environments where multiple devices need to securely exchange encrypted data, such as in blockchain networks, IoT systems, or cloud computing platforms.
7. The token handler of claim 1, wherein the processor is further configured to determine, based on an ordinal assigned to a key of the set of public encryption keys and on a number of keys in the set of public encryption keys, that an age of the key exceeds a predetermined time threshold.
This invention relates to a token handler system for managing cryptographic keys, specifically focusing on determining the age of a public encryption key within a set of keys. The system addresses the challenge of securely managing and rotating cryptographic keys to maintain security in distributed or decentralized environments, such as blockchain or secure communication networks. The token handler includes a processor configured to evaluate the age of a public encryption key by analyzing its ordinal position within a set of keys and the total number of keys in that set. The ordinal represents the key's position in a sequence, and by comparing this ordinal to the total number of keys, the system can infer whether the key's age exceeds a predefined time threshold. This approach allows the system to automatically identify and flag older keys that may need replacement or revocation, enhancing security by ensuring timely key rotation. The processor may also be configured to perform additional key management functions, such as generating new keys, distributing keys to authorized entities, or verifying the validity of keys based on their age. The system ensures that keys are periodically updated to mitigate risks associated with long-term key exposure, such as cryptographic attacks or unauthorized access. This method of age determination is particularly useful in environments where keys are frequently rotated or where key metadata (such as timestamps) is not readily available.
8. The token handler of claim 1, wherein the data originator randomly selected the first and second public encryption keys from the set.
This invention relates to a token handler system for secure data transmission, addressing the challenge of ensuring data integrity and authenticity in digital communications. The system involves a token handler that processes tokens generated by a data originator, where the tokens are encrypted using public-key cryptography to protect sensitive information during transmission. The token handler decrypts these tokens using corresponding private keys to verify the data's authenticity and integrity. The token handler includes a key management module that handles encryption keys, including a first and second public encryption key randomly selected from a predefined set by the data originator. These keys are used to encrypt different portions of the token, ensuring that even if one key is compromised, the other remains secure. The random selection of keys from the set enhances security by making it difficult for unauthorized parties to predict or replicate the encryption process. The token handler also includes a verification module that checks the decrypted token against expected values to confirm its validity before processing. The system is designed to prevent tampering and unauthorized access, ensuring that only authorized recipients can decrypt and verify the token's contents. The random selection of keys adds an additional layer of security by introducing unpredictability into the encryption process. This approach is particularly useful in applications where data integrity and confidentiality are critical, such as financial transactions, secure communications, and authentication systems.
14. The method of claim 13, further comprising communicating, by the token handler, the set of public encryption keys to the device.
A system and method for secure token management involves a token handler that generates and manages cryptographic tokens for secure communication between devices. The system addresses the challenge of securely distributing and verifying cryptographic keys in distributed networks, ensuring authentication and data integrity. The token handler creates a set of public encryption keys associated with a token, where each key is linked to a specific device or user. These keys are used to encrypt and decrypt data, ensuring secure communication. The token handler also communicates the set of public encryption keys to the device, enabling the device to verify the authenticity of the token and establish secure connections. The system may include additional features such as token validation, key rotation, and secure storage to enhance security. The method ensures that only authorized devices can access or verify the token, preventing unauthorized access and tampering. The system is applicable in various domains, including IoT, blockchain, and secure authentication systems, where secure key distribution and token management are critical.
15. The method of claim 9, further comprising determining, by the token handler, based on an ordinal assigned to a key of the set of public encryption keys and on a number of keys in the set of public encryption keys, that an age of the key exceeds a predetermined time threshold.
This invention relates to cryptographic key management, specifically ensuring the security and validity of public encryption keys in a distributed system. The problem addressed is the risk of using outdated or compromised keys, which can lead to security vulnerabilities. The solution involves a token handler that evaluates the age of a public key based on its ordinal position and the total number of keys in the set. The ordinal represents the key's position in a sequence, and by comparing it to the total number of keys, the system determines whether the key's age exceeds a predefined time threshold. If the key is too old, it is flagged for replacement or revocation. This mechanism ensures that only recent, secure keys are used for encryption, reducing the risk of attacks exploiting outdated keys. The system dynamically assesses key validity without requiring external time synchronization, making it robust for distributed environments. The method integrates with a broader key management process that includes generating, distributing, and rotating keys to maintain cryptographic security.
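The age check described for claims 7 and 15, as an added Python sketch that is not taken from the patent. It assumes ordinals are assigned consecutively across fixed-size sets with one set issued per rotation period, and it uses the abstract's example figures (monthly rotation, six-month limit); `KeyRing`, its methods and the constants are hypothetical names, and random bytes stand in for key material.

```python
import secrets

KEYS_PER_SET = 4      # assumed number of keys in each set
ROTATION_DAYS = 30    # abstract's example: a new set about once a month
MAX_AGE_DAYS = 180    # abstract's example: sets about six months old are too old


class KeyRing:
    """Key sets indexed by a global ordinal; no per-key timestamp is stored."""

    def __init__(self):
        self.keys = {}          # ordinal -> key material (random bytes as a stand-in)
        self.next_ordinal = 0   # ordinal the next issued key will receive

    def rotate(self):
        """Issue one new set; ordinals continue where the previous set ended."""
        first = self.next_ordinal
        for ordinal in range(first, first + KEYS_PER_SET):
            self.keys[ordinal] = secrets.token_bytes(32)
        self.next_ordinal = first + KEYS_PER_SET
        return list(range(first, self.next_ordinal))

    def age_days(self, ordinal):
        """Infer age from the ordinal and the set size alone.

        The result is a lower bound with a granularity of one rotation
        period: a key from the newest set reports an age of 0 days.
        """
        if not 0 <= ordinal < self.next_ordinal:
            raise ValueError("ordinal was never issued")
        newest_set = (self.next_ordinal - 1) // KEYS_PER_SET
        return (newest_set - ordinal // KEYS_PER_SET) * ROTATION_DAYS

    def is_expired(self, ordinal):
        """True when the inferred age exceeds the threshold."""
        return self.age_days(ordinal) > MAX_AGE_DAYS

    def purge(self):
        """Delete every stored key whose inferred age exceeds the threshold."""
        expired = [o for o in self.keys if self.is_expired(o)]
        for ordinal in expired:
            del self.keys[ordinal]
        return expired
```

Because the age is derived from how many sets have been issued since the key's own set, a handler that skips or doubles a rotation will misjudge every key's age, so the rotation schedule itself has to be monitored.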
16. The method of claim 9, wherein the data originator randomly selected the first and second public encryption keys from the set.
A system and method for secure data transmission involves a data originator encrypting data using a first public encryption key and a second public encryption key, where the keys are randomly selected from a predefined set. The encrypted data is then transmitted to a recipient, who decrypts it using corresponding private keys. The recipient verifies the integrity and authenticity of the data by comparing decrypted values. The method ensures that only authorized recipients with the correct private keys can access the data, while unauthorized parties cannot decrypt it without the proper keys. The random selection of keys from a set enhances security by making it difficult for attackers to predict or target specific keys. This approach is particularly useful in environments where multiple recipients may need access to the same data, but with different levels of access control. The system may also include additional steps such as generating or updating the set of keys to maintain security over time. The method is applicable in secure communication protocols, digital rights management, and other applications requiring robust encryption and authentication mechanisms.
April 12, 2023
April 9, 2024